b0e2ed27342d0723c060885450153250_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0e2ed27342d0723c060885450153250_JaffaCakes118
Size

228KB
MD5

b0e2ed27342d0723c060885450153250
SHA1

5d864108d8d862d7aee3f095ffef5cd12d7c0019
SHA256

0f33ffee4e87eaa15c71760b2c2efe4018771365f4ad7b28465b34bd7e5ef302
SHA512

f020dce35fa8cb6f5b1d60c67e66dc2522e983d30561d3221fea8723c1c61bcfb0cd88de4dfc81dd5f8d7956ce197b4c7e1278aafd06b662a3fe14df46cdc0a9
SSDEEP

6144:fLc+jTfw2g7/0YuD+8h2KHPtPnnzfq80jFih2iA28PV7d:fLc+I2g8+O2KpnzCNAh4Fd

Score

1^/10

Malware Config

Signatures

Files

b0e2ed27342d0723c060885450153250_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cccbb1f84c576246754f793988b41313

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be
Signer

Actual PE Digest

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
CreateNamedPipeW
GetCurrentThread
CreateDirectoryA
IsValidCodePage
GetProcessHeaps
DeleteAtom
GetProcAddress
DosDateTimeToFileTime
SearchPathW
GetLogicalDriveStringsA
GetModuleHandleW
OpenEventA
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
GetExitCodeProcess
EnumTimeFormatsA
GetMailslotInfo
GetComputerNameA
IsBadStringPtrA
GetVersionExA
AddAtomW
GetTimeFormatW
SetCurrentDirectoryA
GetSystemDirectoryA
SetComputerNameA
lstrcmp
SetCalendarInfoA
MoveFileW
lstrcmpA
GetEnvironmentStringsW
GetStartupInfoA
GetExpandedNameW
LoadLibraryExA
GetSystemTime
GetWindowsDirectoryW
FindAtomA

user32

GetMenuStringA
EnumClipboardFormats
SetActiveWindow
LoadMenuA
RegisterWindowMessageA
GetMenuItemID
GetKeyboardLayout
SetWindowLongW
GetSysColorBrush
GetCapture
SetParent
GetFocus
UpdateLayeredWindow
DefWindowProcW
GetIconInfo
TrackPopupMenu
PostQuitMessage
GetMenuItemRect
CharLowerA
IsIconic
MonitorFromWindow
GetScrollPos
SetWindowTextA
OpenClipboard
DialogBoxParamA
UnregisterClassW
AppendMenuW
wvsprintfA
DialogBoxParamW
WaitMessage
GetMessageW
GetCaretPos
CreateAcceleratorTableW
GetMenuInfo
AdjustWindowRect
EnumWindows
DialogBoxIndirectParamW
LoadIconA
CreateMenu
wvsprintfW
PostMessageA

shell32

ShellExecuteEx
StrStrIW
SHGetDesktopFolder
StrRStrIW
SHBrowseForFolderA
StrRStrW
StrRChrA
SHGetDiskFreeSpaceA

comdlg32

PageSetupDlgA
GetFileTitleW
PageSetupDlgW
PrintDlgExA

ole32

CoGetInstanceFromFile
CoInitialize
CLSIDFromProgID
CoGetInstanceFromIStorage
CoFileTimeNow

version

VerLanguageNameA
VerFindFileA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerLanguageNameW
GetFileVersionInfoA
VerFindFileW

imm32

ImmReleaseContext
ImmRegisterWordA

oledlg

OleUICanConvertOrActivateAs
OleUIConvertW
OleUIChangeIconW
OleUIPasteSpecialA
OleUIEditLinksA
OleUIBusyW
OleUIChangeSourceW
OleUIPromptUserW

sqlunirl

_ObjectDeleteAuditAlarm_@12
_WaitNamedPipe_@8
_GetClassName_@12
_UpdateResource_@24
_CopyMetaFile_@8
__lopen_@8
_FindWindowEx_@16
_BeginUpdateResource_@8
_GetServiceDisplayName_@16

Sections

.rvJH
Size: 1024B - Virtual size: 635B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NTHo
Size: 3KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qYC
Size: 1KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CZ
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mwmI
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trEUrt
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YmaCRC
Size: 12KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rMmJC
Size: 5KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cccbb1f84c576246754f793988b41313

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:beSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

comdlg32

ole32

version

imm32

oledlg

sqlunirl

Sections

.rvJH Size: 1024B - Virtual size: 635B

.I Size: 88KB - Virtual size: 88KB

.NTHo Size: 3KB - Virtual size: 478KB

.qYC Size: 1KB - Virtual size: 182KB

.CZ Size: 11KB - Virtual size: 11KB

.mwmI Size: 4KB - Virtual size: 52KB

.trEUrt Size: 88KB - Virtual size: 88KB

.YmaCRC Size: 12KB - Virtual size: 360KB

.rMmJC Size: 5KB - Virtual size: 347KB

.rsrc Size: 6KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be
Signer

.rvJH
Size: 1024B - Virtual size: 635B

.I
Size: 88KB - Virtual size: 88KB

.NTHo
Size: 3KB - Virtual size: 478KB

.qYC
Size: 1KB - Virtual size: 182KB

.CZ
Size: 11KB - Virtual size: 11KB

.mwmI
Size: 4KB - Virtual size: 52KB

.trEUrt
Size: 88KB - Virtual size: 88KB

.YmaCRC
Size: 12KB - Virtual size: 360KB

.rMmJC
Size: 5KB - Virtual size: 347KB

.rsrc
Size: 6KB - Virtual size: 5KB